public Task RemoveRefreshTokenAsync(JwtRefreshToken jwtRefreshToken)
{
var token = JwtRefreshTokens.FirstOrDefault(x =>
x.UserId == jwtRefreshToken.UserId && x.Token == jwtRefreshToken.Token);
JwtRefreshTokens.Remove(token);
return(Task.CompletedTask);
}
public bool ValidateRefreshToken(JwtRefreshToken refreshToken, ClaimsPrincipal claimsPrincipal)
{
var jti = claimsPrincipal.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value;
return(refreshToken != null &&
DateTime.UtcNow <= refreshToken.ExpiryDate &&
!refreshToken.Invalidated &&
!refreshToken.Used &&
refreshToken.JwtId == jti);
}
public void GenerateRefreshAndUpdateUser(T login, Action <string> refreshHandler)
{
var refreshToken = tokenService.GenerateRefreshToken();
JwtRefreshToken tokenResponse = broker.SendBroker <JwtRefreshToken>(new JwtRefreshToken()
{
RefreshToken = refreshToken,
UserName = login.UserName
});
refreshHandler.Invoke(!string.IsNullOrEmpty(tokenResponse.Code) ? refreshToken : string.Empty);
// refreshHandler.Invoke(refreshToken);
}
public async Task <JwtRefreshToken> GenerateRefreshTokenForJwtTokenAsync(ApplicationUser user,
SecurityToken token)
{
var refreshToken = new JwtRefreshToken
{
JwtId = token.Id,
UserId = user.Id,
CreationDate = DateTime.UtcNow,
ExpiryDate = DateTime.UtcNow.AddMonths(6)
};
await _context.RefreshTokens.AddAsync(refreshToken);
await _context.SaveChangesAsync();
return(refreshToken);
}
public JwtAccessToken CreateAccessToken(User user)
{
//Refresh token
var refreshToken = new JwtRefreshToken(
token: passwordHasher.HashPassword(Guid.NewGuid().ToString()),
expiration: DateTime.UtcNow.AddSeconds(tokenClaims.RefreshTokenExpiration).Ticks);
//Access token
var accessTokenExpiration = DateTime.UtcNow.AddSeconds(tokenClaims.AccessTokenExpiration);
var securityToken = new JwtSecurityToken(
issuer: tokenClaims.Issuer,
audience: tokenClaims.Audience,
claims: GetClaims(user),
expires: accessTokenExpiration,
notBefore: DateTime.UtcNow,
signingCredentials: signingConfigurations.SigningCredentials);
var jwtHandler = new JwtSecurityTokenHandler();
var accessToken = jwtHandler.WriteToken(securityToken);
refreshTokens.Add(refreshToken); //TODO: nie trzymać tokenów w pamięci
return(new JwtAccessToken(accessToken, accessTokenExpiration.Ticks, refreshToken));
}
public async Task UseRefreshToken(JwtRefreshToken refreshToken)
{
refreshToken.Used = true;
_context.RefreshTokens.Update(refreshToken);
await _context.SaveChangesAsync();
}
private async Task <ResponseAuth> CreateJwtTokenAsync(ApplicationUser appUser)
{
ResponseAuth responseAuth = null;
var appUserRoles = await userManager.GetRolesAsync(appUser);
var tokenHandler = new JwtSecurityTokenHandler();
var certificate = new X509Certificate2(appConfigSettings.Value.PrivateKeyLocation, "abc12345");
var key = new X509SecurityKey(certificate); //Encoding.ASCII.GetBytes(appConfigSettings.Value.JwtTokenSecret);
DateTime today = DateTime.UtcNow;
TimeSpan duration = appConfigSettings.Value.TokenLifeTime;
TokenExpiration = today.Add(duration);
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, appUser.UserName),
new Claim(JwtRegisteredClaimNames.Jti, GenerateJwtTokenId()),
new Claim(ClaimTypes.Name, appUser.UserName),
new Claim(JwtRegisteredClaimNames.Email, appUser.Email),
// new Claim(ClaimTypes.Email, appUser.Email),
new Claim("id", appUser.Id)
};
if (appUserRoles != null && appUserRoles.Count > 0)
{
foreach (var role in appUserRoles)
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
}
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims, "Bearer"),
NotBefore = DateTime.UtcNow.AddMinutes(-1),
IssuedAt = IssuedDate,
Expires = TokenExpiration,
Audience = "http://my.audience.com",
Issuer = "http://tokenissuer.com",
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha384Signature) //(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256)
};
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
responseAuth = new ResponseAuth
{
AccessToken = tokenHandler.WriteToken(token),
ExpirationDateTime = TokenExpiration,
DateIssued = IssuedDate
};
var _refreshToken = new JwtRefreshToken
{
RefreshToken = Guid.NewGuid().ToString(),
JwtId = token.Id,
UserId = appUser.Id,
CreatedDate = DateTime.UtcNow,
ExpiryDate = DateTime.UtcNow.AddMonths(6)
};
try
{
await appIdentityDbContext.JwtRefreshTokens.AddAsync(_refreshToken);
await appIdentityDbContext.SaveChangesAsync();
}
catch (Exception ex)
{
var msg = ex.Message;
throw ex;
}
responseAuth.RefreshToken = _refreshToken.RefreshToken;
return(responseAuth);
}
public async Task <RefreshTokenResponse> RefreshTokenAsyc(string token, string refreshToken)
{
RefreshTokenResponse refreshTokenResult = null;
var validatedToken = GetPrincipalFromToken(token);
if (validatedToken == null)
{
//token is invalid
return(new RefreshTokenResponse {
Errors = new[] { "Invalid Token " }
});
}
_tokenValidationParameters.ValidateLifetime = true;
var exptime = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value;
var expiryDateUnix = long.Parse(exptime);
var expiryDateTimeUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
.AddSeconds(expiryDateUnix);
if (expiryDateTimeUtc > DateTime.UtcNow)
{
return(new RefreshTokenResponse {
Errors = new[] { "This token is not yet expired" }
});
}
//get id from the jwt token
var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value;
JwtRefreshToken storedRefreshToken = null;
try
{
storedRefreshToken = appIdentityDbContext.JwtRefreshTokens.FirstOrDefault(r => r.RefreshToken == refreshToken);
if (storedRefreshToken == null)
{
return(new RefreshTokenResponse {
Errors = new[] { "This refresh token does not exist" }
});
}
}
catch (Exception ex)
{
var msg = ex.Message;
throw ex;
}
if (DateTime.UtcNow > storedRefreshToken.ExpiryDate)
{
return(new RefreshTokenResponse {
Errors = new[] { "This refresh token has expired" }
});
}
if (storedRefreshToken.Invalidated)
{
return(new RefreshTokenResponse {
Errors = new[] { "This refresh token has been invalidated" }
});
}
if (storedRefreshToken.Used)
{
return(new RefreshTokenResponse {
Errors = new[] { "This refresh token has been used" }
});
}
if (storedRefreshToken.JwtId != jti)
{
return(new RefreshTokenResponse {
Errors = new[] { "This refresh token does not match this JWT" }
});
}
storedRefreshToken.Used = true;
appIdentityDbContext.JwtRefreshTokens.Update(storedRefreshToken);
await appIdentityDbContext.SaveChangesAsync();
//get the user id from the token
var userId = validatedToken.Claims.Single(x => x.Type == "id").Value;
var user = await userManager.FindByIdAsync(userId);
var generateRefreshToken = await CreateJwtTokenAsync(user);
refreshTokenResult = new RefreshTokenResponse
{
Token = generateRefreshToken.AccessToken,
RefreshToken = generateRefreshToken.RefreshToken,
Success = true,
AccessTokenExpiration = generateRefreshToken.ExpirationDateTime,
IssuedDate = IssuedDate
};
return(refreshTokenResult);
}
public Task AddRefreshTokenAsync(JwtRefreshToken jwtRefreshToken)
{
JwtRefreshTokens.Add(jwtRefreshToken);
return(Task.CompletedTask);
}
